More about cybersecurity

And, after dropping to their lowest level in a decade in 2015, spam attacks are on the rise once again, Cisco stated. Today, nearly two-thirds of emails are spam, with 8-10% marked as malicious, according to the report. Spam's resurgence is due in part to the rise of large and spreading botnets, the report said.

Why the rise in attacks? In part, it's because enterprise security departments are growing in complexity: 65% of businesses surveyed use anywhere from six to more than 50 different security products, which increases the potential for security gaps, Cisco noted. In order to take advantage of these gaps, cybercriminals have increased "classic" attack vectors via adware and email spam to new levels.

Just 56% of security alerts are investigated, Cisco found, and less than half of legitimate alerts are remediated. Budget concerns, poor compatibility of systems, and a lack of trained talent were the largest barriers to advancing enterprise security, the CSOs reported. Indeed, 57% of businesses recently reported major issues finding and recruiting talented IT security staff.

The vast majority of organizations (90%) that experienced a cyber attack are working to improve threat defense technologies and processes, the report found. Common tactics include separating IT and security functions (38%), increasing security awareness training for employees (38%), and implementing risk mitigation techniques (37%).

To better prevent, detect, and mitigate threats, Cisco recommends the following tips:

1. Make security a business priority: Executive leadership must own and evangelize security and fund it as a priority.

4. Adopt an integrated defense approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.

"In 2017, cyber is business, and business is cyber—that requires a different conversation, and very different outcomes," said John N. Stewart, Cisco's senior vice president and chief security and trust officer, in a press release. "Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk."

Stay up to date on all cybersecurity news. Click here to subscribe to the TechRepublic Cybersecurity Insider newsletter.